Washington, DC

Data Privacy & Cybersecurity

﻿

Businesses and organizations of all sizes and industries are facing increased threats to their data stewardship on the one hand, and constantly evolving regulatory requirements and growing prosecutorial regimes on the other. And it’s only getting more challenging.

Our platform starts with your business needs and “ends” with an intense focus on helping you “get back to business” and drive enterprise value. It’s a comprehensive, business-minded, intelligent approach to managing, mitigating and responding to cyber threats.

Trends we’re watching:

Business leaders (not just IT departments) will be increasingly held directly accountable for data privacy controls and response to breaches.

Incident response plans will need to consider how to instantly email those affected and reset user passwords on a massive scale.

Wearable technologies and internet of things (IoT) will continue to proliferate, expanding the number of access points to and vulnerability of Protected Health Information (PHI) and other sensitive data.

Terms of Service and vendor agreements will increasingly require provisions to mitigate liability and protocol for privacy matters.

Employees will continue to be the biggest threat to cyber security, predominantly through negligence, requiring increased security training programs.

Companies using mobile apps, websites and social media. Whether communicating with, collecting information from, advertising to or doing business with clients and customers, they and others are impacted by the Telephone Consumer Protection Act (TCPA) and the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM)

Those who market goods or services to children under the age of 13 and others impacted by the Children’s Online Privacy Protection Act (COPPA)

All companies that receive and store the personal financial information of their clients and customers, and others impacted by the Gramm-Leach-Bliley Financial Services Modernization Act (GLBA) and state data security laws

Law firms, accounting firms and other professional advisors working with sensitive client information

Law enforcement agencies

Recognition

Recognized by Chambers USA as a nationwide leader in the Field of Privacy Law

Representative experience

Defended a client in litigation involving the theft of 1.7 million patient records

Provided emergency response and compliance strategy for clients following the theft or loss of large amounts of sensitive information. Recent examples include:

A lost laptop containing the personal information of over 11,000 individuals from 31 different states

Represented numerous clients in privacy violation investigations by the Office for Civil Rights and state regulatory entities

Provide ongoing privacy and security counsel to a large utility

Counseled a pharmaceuticals company in corporate privacy and security issues and provided worldwide employee privacy training

Built enterprise-wide privacy and security framework for startup companies in the health care industry, municipalities and large corporations

Assisted clients with their applications for “safe harbor” under the Federal Communications Commission (FCC)

Developed and implemented website privacy policies and terms and conditions of use for a variety of clients in diverse industries

Media Clips

State AGs at odds over Google privacy pact at high court

Law360 | September 06, 2018

This article mentions Complex Commercial Disputes partners Chris Mason, Sarah André, Dan Deane and Seth Horvath as counsel for The New York Bar Foundation and The New York State Bar Association in an amicus brief—filed with the United States Supreme Court—in support of the approval by a California District Court, and the Ninth Circuit, of Google’s settlement involving a “cy pres” remedy in a privacy-related case.

Cybersecurity and benefits plans: The next front in the ongoing battle to protect personal information

Confero | July 01, 2018

Rochester Corporate group associate Jenny Holmes contributed this article to the quarterly magazine for Westminster Consulting, discussing why benefit plans are inviting targets for would-be data thieves, and what plan administrators need to do to protect personal data.

European Union law on data protection takes effect

Rochester Business Journal | June 08, 2018

Rochester corporate group partner Jeremy Wolk and associate Jenny Holmes co-wrote this contributed article on the introduction of the General Data Protection Regulation, “a set of tougher rules designed to give European Union citizens more control over their personal data.” The regulation applies to all organizations, regardless of location, that handle the personal data of EU citizens.

DC Circuit Delivers Relief, but Not Clarity, with TCPA Ruling

Law360 | March 16, 2018

Boston IP litigation associate Troy Lieberman is quoted in this article explaining how the DC Circuit Court’s ruling on the FCC’s telemarketing rules will provide some relief for businesses.

PREVIEWS FROM THE INDUSTRY: Hospital Operations

Modern Healthcare | January 01, 2018

In this round-up of health care industry predictions for 2018, Chicago health care partner Valerie Montague provides an outlook on the future of cybersecurity in health care.

Three shady—and all too common—things that digital health startups do to make money

CNBC | November 17, 2017

Los Angeles health care partner Jill Gordon, who this article identifies as a “top lawyer” in the digital health space, provides in-depth commentary regarding the three common practices she’s seen among health technology startups that may violate medical regulations and what companies should be aware of to avoid costly penalties.

The uncertain future of the TCPA in the Trump era

Bloomberg Law | May 08, 2017

Manchester commercial litigation partner Dan Deane and New York City commercial litigation associate Paul Williamson contributed this article addressing the ways in which the Trump administration may affect the TCPA.

No immunity from cyberattacks and data breaches in 2016 and beyond

Rochester Business Journal | January 13, 2017

Rochester private equity and investment funds partner Jeremy Wolk and labor and employment associate Jenny Holmes co-authored this column about cyber security. The column provides an overview of the risks and potential legislative changes that could help small businesses and tips for creating a privacy policy.

Clinton and Trump and Robocalls, Oh My

Bloomberg Law | July 15, 2016

This feature story looks what political campaigns should know about robocalls. Boston IP litigation associate and TCPA practice co-leader Troy Lieberman discusses the apparent lack of FCC enforcement actions against political campaigns.

Ransomware is Rampant & Your Risk Analysis Might Save You

Health Information Compliance Alert | June 01, 2016

Providence commercial litigation counsel Steven Richard is quoted in this article focused on the results of a new study highlighting a new trend toward specialized data breach insurance policies.

6 Ways to Be a Go-To Firm for HIPAA Compliance

Law360 | April 29, 2016

Chicago health care partner Valerie Breslin Montague is included in this piece that looks at how attorneys are dealing with increasing Health Insurance Portability and Accountability Act (HIPAA) penalties and audits.

Cybersecurity Best Practices for Senior Bank Management

Bloomberg BNA Banking Report | March 21, 2016

Chicago partner Susan Feibus authored this column about important considerations for financial institutions to take in terms of policies and procedures that address the cyber threat environment and resilience to cyber attacks.

Nixon Peabody Adds DOJ Vet to White Collar Group

Law360 | March 02, 2016

This feature story highlights the arrival of Government Investigations & White Collar Defense partner Tina Sciocchetti.

Should Apple Release its Data to the FBI?

WJAR-TV (Providence NBC affiliate) | February 26, 2016

Providence commercial litigation counsel Steven Richard is interviewed in a segment about the battle between Apple and the FBI about the potential access to user data.